[asterisk-users] Best Firewall Suggestions?

David Wathen david at slopecolorado.com
Wed Oct 14 12:29:58 CDT 2009 

Hi Myles,

Thanks to you and everyone else that has responded. I've really learned a
lot. pFSense and IPCop sounds let best so far for LINUX based firewalls.

I'm also wondering if anyone has any suggestions for a standalone firewall
appliance like my Linksys WRT54G except one better suited for a small
business and that NAT works well with VOIP.

Thanks again!

David Wathen
 

> -----Original Message-----
> From: asterisk-users-bounces at lists.digium.com 
> [mailto:asterisk-users-bounces at lists.digium.com] On Behalf Of 
> Myles Wakeham
> Sent: Tuesday, October 13, 2009 9:06 PM
> To: asterisk-users at lists.digium.com
> Subject: Re: [asterisk-users] Best Firewall Suggestions?
> 
>  >> My customer has a outdated firewall that is also 
> presenting a NAT nightmare  > for getting the Asterisk server 
> reachable from the internet.
>  >
>  > What firewalls work good with VOIP? I really want to steer 
> away from any ALG  > supported firewall. I just want a good 
> firewall that works well with  > Asterisk.
> 
> We're running IPCop (Linux based, open source, 100% free), 
> and its been fantastic for us.  www.ipcop.org
> 
> I spent weeks trialing many others.  Even had Astaro send me 
> out a trial box to use.  I think we short-listed this down to 
> pfSense, SmoothWall, Astaro and IPCop.  Its been a while 
> since we did this, so newer versions might have different 
> test results now, but (if I remember correctly):
> 
> 1. pfSense - Solid, but was a bit picky on network adapters 
> (we wanted to use a Quad NIC for this).  Also was a bit 
> cryptic for setup, but that's probably just us being too lazy to RTFM.
> 
> 2. Shorewall - this worked out of the box, looked easy to setup, etc. 
> But when it came down to supporting multiple external WAN IP 
> addresses that we had, it fell short and was dismissed as an 
> option.  I believe that their commercial version did support 
> this, but had a hard time trying to find who to buy the damn 
> thing from.
> 
> 3.  Astaro - great company to work with.  Really helpful, 
> great tech support, etc.  Loving all of that.  Not loving the 
> $2K+ price tag for what we needed.  But then we are stingy 
> and cheap.  That's just us.  If you have commercial clients, 
> and budget this looked really good.
> 
> 4.  IPCop - its free.  Was a dream to install and setup.  
> Support via their mailing list was awesome.  The people there 
> didn't make us feel like newbs when we had basic questions to 
> ask.  Feature set rivaled all other products, and there is a 
> pretty healthy add-on market for it.  QoS was decent, 
> although there are add-ons for better QoS granularity.
> 
> We chose IPCop.  Been running it with Asterisk and our other 
> network apps, servers, etc. for about 4 months straight.  
> Never needed a reboot. 
>   Never crashed.  Low footprint, and runs on some old dog 
> hardware we had lying around.
> 
> Like I said, this review is about 6 months old, so things change. 
> That's our biz.  Go figure.
> 
> Of course, your mileage may vary.
> 
> Myles
> --
> =======================
> Myles Wakeham
> Director of Engineering
> Tech Solutions USA, Inc.
> Scottsdale, Arizona  USA
> http://www.techsolusa.com
> Phone +1-480-451-7440
> 
> 
> _______________________________________________
> -- Bandwidth and Colocation Provided by http://www.api-digital.com --
> 
> AstriCon 2009 - October 13 - 15 Phoenix, Arizona
> Register Now: http://www.astricon.net
> 
> asterisk-users mailing list
> To UNSUBSCRIBE or update options visit:
>    http://lists.digium.com/mailman/listinfo/asterisk-users
>

More information about the asterisk-users mailing list